
In my previous article, I wrote an introduction to the Recon-ng Framework and its basic usage; the framework is primarily used for automated information gathering and web reconnaissance. In this write-up we stay with Recon-ng and focus on the modules used for web recon testing. Web recon testing is vital for penetration testers: it helps them check for flaws in a website or system and gather information such as the site's basic functionality, accessibility, browser compatibility, performance, and the web technologies the site is built on.

DNS Cache Snooper

This auxiliary module is contributed by thrapt and is used for discovering which domains a name server has recently resolved, using a technique called DNS cache snooping (also known as cache scraping). It sends non-recursive queries to the client's DNS servers for known antivirus update-site domains: a cached answer for one of them suggests that the vendor's product is in use on the client's network. Below are the domains shipped with the Recon-ng Framework for the auxiliary:cache_snoop module, found in data/av_domains.lst:

www.es-latest-3.sophos.com/update

www.es-web.sophos.com

www.es-web.sophos.com.edgesuite.net

www.es-web-2.sophos.com

www.es-web-2.sophos.com.edgesuite.net

www.dnl-01.geo.kaspersky.com

www.downloads2.kaspersky-labs.com

www.liveupdate.symantecliveupdate.com

www.liveupdate.symantec.com

www.update.symantec.com

www.update.nai.com

www.download797.avast.com

www.guru.avg.com

www.osce8-p.activeupdate.trendmicro.com

www.forefrontdl.microsoft.com

es-latest-3.sophos.com/update

es-web.sophos.com

es-web.sophos.com.edgesuite.net

es-web-2.sophos.com

es-web-2.sophos.com.edgesuite.net

dnl-01.geo.kaspersky.com

downloads2.kaspersky-labs.com

liveupdate.symantecliveupdate.com

liveupdate.symantec.com

update.symantec.com

update.nai.com

download797.avast.com

guru.avg.com

osce8-p.activeupdate.trendmicro.com

forefrontdl.microsoft.com

So, if you know other antivirus update-site domains, you can simply add them to the av_domains.lst file, or contribute them to the project by making a pull request.
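The following is an added example, not code from the Recon-ng project, showing the mechanics behind the cache_snoop module: a DNS query is built with the RD (recursion desired) flag cleared, and the reply is classified by its header alone. An answer section in the reply means the resolver already had the name cached; an empty reply means it did not; REFUSED means the resolver does not serve non-recursive queries to this client, which is the setting you want on a resolver that faces untrusted networks. The make_response helper and the 192.0.2.1 address are constructed for offline testing and are not real resolver output; the snoop function is the only part that touches the network.

```python
import random
import socket
import struct

# DNS header flag bits (RFC 1035, section 4.1.1)
FLAG_QR = 0x8000   # message is a response
FLAG_RD = 0x0100   # recursion desired; left clear on purpose for a snoop query
FLAG_RA = 0x0080   # recursion available
RCODE_MASK = 0x000F
RCODE_REFUSED = 5
QTYPE_A = 1
QCLASS_IN = 1


def encode_name(name):
    """Encode a host name as DNS labels, e.g. b'\\x03www\\x06sophos\\x03com\\x00'."""
    out = b""
    for label in name.rstrip(".").split("."):
        if not 0 < len(label) < 64:
            raise ValueError("invalid DNS label: %r" % label)
        out += bytes([len(label)]) + label.encode("ascii")
    return out + b"\x00"


def build_query(name, qid, recursive=False):
    """Build a single A/IN question; recursive=False clears RD (the snoop case)."""
    flags = FLAG_RD if recursive else 0
    header = struct.pack("!HHHHHH", qid, flags, 1, 0, 0, 0)
    return header + encode_name(name) + struct.pack("!HH", QTYPE_A, QCLASS_IN)


def parse_header(data):
    """Unpack the 12-byte DNS header into a dict."""
    if len(data) < 12:
        raise ValueError("DNS message too short")
    qid, flags, qd, an, ns, ar = struct.unpack("!HHHHHH", data[:12])
    return {"id": qid, "qr": bool(flags & FLAG_QR), "ra": bool(flags & FLAG_RA),
            "rcode": flags & RCODE_MASK, "qdcount": qd, "ancount": an,
            "nscount": ns, "arcount": ar}


def classify(query_id, response):
    """Interpret a reply to a non-recursive query.

    cached      - answered from cache, so some client recently looked the name up
    not-cached  - empty answer section (usually a referral in the authority section)
    refused     - resolver rejects non-recursive queries (the hardened configuration)
    """
    h = parse_header(response)
    if h["id"] != query_id or not h["qr"]:
        return "invalid"
    if h["rcode"] == RCODE_REFUSED:
        return "refused"
    if h["rcode"] != 0:
        return "error"
    return "cached" if h["ancount"] > 0 else "not-cached"


def snoop(resolver_ip, name, timeout=2.0):
    """Send one non-recursive query over UDP and classify the reply (network I/O)."""
    qid = random.randrange(0, 0x10000)
    query = build_query(name, qid)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        sock.sendto(query, (resolver_ip, 53))
        data, _ = sock.recvfrom(512)
    return classify(qid, data)


def make_response(query, rcode=0, answers=0):
    """Construct a reply to `query` for offline testing (not real resolver output)."""
    qid, flags = struct.unpack("!HH", query[:4])
    flags = FLAG_QR | FLAG_RA | (flags & FLAG_RD) | (rcode & RCODE_MASK)
    header = struct.pack("!HHHHHH", qid, flags, 1, answers, 0, 0)
    question = query[12:]
    # Each answer: compression pointer to the question name (offset 12), A/IN,
    # TTL, then a 4-byte address from the documentation range 192.0.2.0/24.
    rr = struct.pack("!HHHIH", 0xC00C, QTYPE_A, QCLASS_IN, 300, 4) + bytes([192, 0, 2, 1])
    return header + question + rr * answers


if __name__ == "__main__":
    # Usage against your own resolver: python snoop.py <resolver-ip> <name> [<name> ...]
    import sys
    for host in sys.argv[2:]:
        print(host, snoop(sys.argv[1], host))
```

Run it against a resolver you administer: if the names from av_domains.lst come back as anything other than "refused" for a client outside the resolver's intended audience, the resolver answers non-recursive queries to that client and its cache contents are observable. The classification looks only at the header; a production check would also verify that the question section echoes the name that was asked.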

WhatWeb Web Technologies Scan

This auxiliary module is contributed by thrapt and leverages WhatWeb.net to recognize the web technologies used by the target, such as its Content Management System (CMS), JavaScript libraries, web servers, embedded devices, email addresses, account IDs, web framework modules, SQL errors, Google Analytics, blogging platforms, plugin versions, and so on.

This module is one of the first auxiliary modules started by Tim Tomes a.k.a. LaNMaSteR53, the main author of the Recon-ng Framework. The scanner checks for the 'elmah.axd' log page, the handler of an error logging module that can be added dynamically to a running ASP.NET web application, or even to all ASP.NET web applications on a machine, without the need for re-compilation or re-deployment. The problem with this page is that its logs can expose the .ASPXAUTH cookie, which can be used by attackers for ASP.NET session hijacking.

Apache Server-Status Page Scanner

This auxiliary module checks whether a website exposes an Apache server-status page, which lets administrators check that their web server is healthy. The page shows the Server Version, CPU Usage, Active Connections, Child Server number and generation, some OS process IDs, and other details related to the Apache server. A security researcher named Daniel Cid said, "probably not a big deal by itself (well, if you don't have an unprotected admin panel), but that can help attackers easily find more information about these environments and use them for more complex attacks."
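As an added example (not the Recon-ng module's code), the snippet below does the defender's side of this check: given an HTTP status code and body fetched from /server-status on a host you administer, it decides whether the page is exposed, restricted, or absent, and pulls out the fields an attacker would read first (Server Version, MPM, build date). The HTML layout it parses is the mod_status default output, which is an assumption about the Apache version in use; the sample body, host name and address are constructed, not captured from a real server.

```python
import re

# mod_status prints the host in an <h1> and each summary field as <dt>Name: value</dt>
TITLE_RE = re.compile(r"Apache Server Status for\s+([^<\s(]+)", re.I)
FIELD_RE = re.compile(r"<dt>\s*([^:<]+):\s*(.*?)\s*</dt>", re.I | re.S)
TAG_RE = re.compile(r"<[^>]+>")


def parse_server_status(body):
    """Return {'host': ..., 'fields': {...}} if body is a mod_status page, else None."""
    match = TITLE_RE.search(body)
    if not match:
        return None
    fields = {}
    for name, value in FIELD_RE.findall(body):
        fields[name.strip()] = TAG_RE.sub("", value).strip()
    return {"host": match.group(1), "fields": fields}


def assess(status_code, body):
    """Classify a /server-status response from a host under your own control."""
    if status_code in (401, 403):
        return "restricted"      # handler enabled but access control in place
    if status_code != 200:
        return "absent"          # handler not mapped (404) or other condition
    return "exposed" if parse_server_status(body) else "absent"


# Constructed sample page in the mod_status default format (not a real host)
SAMPLE_BODY = """<html><head><title>Apache Status</title></head><body>
<h1>Apache Server Status for www.example.test (via 192.0.2.10)</h1>
<dl><dt>Server Version: Apache/2.4.41 (Ubuntu)</dt>
<dt>Server MPM: event</dt>
<dt>Server Built: 2020-08-12T19:46:17</dt></dl>
<dl><dt>Current Time: Sunday, 01-Jan-2023 00:00:00 UTC</dt>
<dt>Parent Server Config. Generation: 1</dt>
<dt>1 requests currently being processed, 9 idle workers</dt></dl>
</body></html>"""


def report(status_code, body):
    """Human-readable one-line verdict plus the disclosed fields, if any."""
    verdict = assess(status_code, body)
    parsed = parse_server_status(body) if verdict == "exposed" else None
    if parsed is None:
        return "%s: /server-status %s" % ("-", verdict)
    summary = ", ".join("%s=%s" % kv for kv in sorted(parsed["fields"].items()))
    return "%s: /server-status exposed (%s)" % (parsed["host"], summary)


if __name__ == "__main__":
    print(report(200, SAMPLE_BODY))
    print(report(403, "<html>Forbidden</html>"))
```

When the verdict is "exposed" on a host that should not publish the page, the fix is in the Apache configuration rather than in the scanner: keep mod_status loaded only where it is needed and limit the handler's <Location> to local or administrative addresses with a Require directive.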

Dot Net Nuke (DNN) Remote File Upload Vulnerability Checker

This is the module that I contributed; it was recently added by the main author of the Recon-ng Framework to the main repository. This auxiliary module checks for a Dot Net Nuke (DNN) fcklinkgallery.aspx page, which is possibly vulnerable to Remote File Upload and lets other visitors browse the files that were uploaded to the web server. In many cases you will see ASP backdoor shells and text files uploaded by attackers. This is an old vulnerability, but there are still a lot of web administrators who have not upgraded their DNN version and patched this vulnerability on their website.

By replacing the URL in the browser with javascript:__doPostBack('ctlURL$cmdUpload',''), it allows the attacker to upload a text or an image file.

This auxiliary module is authored by Tim Tomes and Kenan Abdullahoglu. It analyzes response headers, cookies, and error messages to determine which server-side technology is in use (PHP, .NET, JSP, ColdFusion (CF), etc.).
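The following is an added example of the kind of inference that module performs; it is not the module's own code and the signature tables are my assumptions about well-known defaults (session cookie names such as PHPSESSID, ASP.NET_SessionId, JSESSIONID and CFID/CFTOKEN, the X-Powered-By and X-AspNet-Version headers, and a few stock error strings), not a list taken from Recon-ng. The sample response is constructed and does not come from any real host. From a defender's perspective, running this against your own site shows exactly which headers and cookie names are giving the stack away.

```python
# Signature tables: assumed defaults each server-side stack emits unless an
# administrator renames or suppresses them.
COOKIE_SIGNATURES = {
    "PHPSESSID": "PHP",
    "ASP.NET_SessionId": ".NET",
    ".ASPXAUTH": ".NET",
    "JSESSIONID": "JSP",
    "CFID": "CF",
    "CFTOKEN": "CF",
}

POWERED_BY_TOKENS = (
    ("php", "PHP"), ("asp.net", ".NET"), ("servlet", "JSP"),
    ("jsp", "JSP"), ("coldfusion", "CF"),
)

ERROR_SIGNATURES = (
    ("Fatal error:", "PHP"),
    ("Parse error:", "PHP"),
    ("Server Error in '/' Application", ".NET"),
    ("javax.servlet", "JSP"),
    ("coldfusion.runtime", "CF"),
)


def cookie_names(set_cookie_values):
    """Extract cookie names from a list of raw Set-Cookie header values."""
    names = []
    for raw in set_cookie_values:
        name = raw.split(";", 1)[0].split("=", 1)[0].strip()
        if name:
            names.append(name)
    return names


def fingerprint(headers, body=""):
    """Return {technology: [evidence, ...]} from headers, cookies and body text.

    headers: dict with lower-cased header names; 'set-cookie' may be a single
    string or a list of strings (one per Set-Cookie header).
    """
    evidence = {}

    def note(tech, why):
        evidence.setdefault(tech, []).append(why)

    powered = headers.get("x-powered-by", "")
    for token, tech in POWERED_BY_TOKENS:
        if token in powered.lower():
            note(tech, "X-Powered-By: " + powered)
    for name in ("x-aspnet-version", "x-aspnetmvc-version"):
        if name in headers:
            note(".NET", "%s: %s" % (name, headers[name]))
    raw = headers.get("set-cookie", [])
    if isinstance(raw, str):
        raw = [raw]
    for cookie in cookie_names(raw):
        tech = COOKIE_SIGNATURES.get(cookie)
        if tech:
            note(tech, "cookie " + cookie)
    for marker, tech in ERROR_SIGNATURES:
        if marker in body:
            note(tech, "error text %r" % marker)
    return evidence


def best_guess(evidence):
    """Technology backed by the most independent indicators, or None."""
    if not evidence:
        return None
    return max(evidence, key=lambda tech: len(evidence[tech]))


# Constructed sample response (not captured from any real host)
SAMPLE_HEADERS = {
    "server": "Microsoft-IIS/8.5",
    "x-aspnet-version": "4.0.30319",
    "set-cookie": [
        "ASP.NET_SessionId=abc123; path=/; HttpOnly",
        ".ASPXAUTH=deadbeef; path=/; HttpOnly",
    ],
}

if __name__ == "__main__":
    found = fingerprint(SAMPLE_HEADERS)
    print("best guess:", best_guess(found))
    for tech, reasons in found.items():
        print(tech, "<-", "; ".join(reasons))
```

Each piece of evidence is kept rather than collapsed into a single label, so the output doubles as a remediation list: every line names a header or cookie that can be renamed or stripped at the reverse proxy if you do not want the stack advertised.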

Jay Turla is a security consultant. He is interested in Linux, OpenVMS, penetration testing, tools development and vulnerability assessment. He is one of the goons of ROOTCON (Philippine Hackers Conference). You can follow his tweets @shipcod3.

1) I want to hack wifi password. What do I do?
2) Using cmd commands, what method do we use to shut down others and see wifi passwords?
